MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a80a506f1a921b1af4b1b3fd6d37737622a3fd75e10efb44da9956b590cd185. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8a80a506f1a921b1af4b1b3fd6d37737622a3fd75e10efb44da9956b590cd185
SHA3-384 hash: df1d92981c3164475479210d02fca518a8e89fadbf34083853ff1c3b50d9927189e2b8235f5a36eb35d97f0a9628d97a
SHA1 hash: 3f11b8bf4805220c57b24a1e2a2bb88f46add363
MD5 hash: dc8141020c9c0163444b64495566db9c
humanhash: idaho-maryland-quebec-bulldog
File name:8a80a506f1a921b1af4b1b3fd6d37737622a3fd75e10efb44da9956b590cd185
Download: download sample
File size:1'535'272 bytes
First seen:2020-06-16 09:29:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'452 x Formbook, 12'202 x SnakeKeylogger)
ssdeep 24576:gWPO+euSJ92d8CTjUqQgqJUPwRcvYRGDP6EZlFlgc2Uv/5pg:bOFuObCTImqJU0E7Dt5tPg
Threatray 20 similar samples on MalwareBazaar
TLSH 3C6512DD725070EFC467DC73CAA42C24AE2078AB871BC643A097199A990C6E7DF605F7
Reporter JAMESWT_WT

Code Signing Certificate

Organisation:Symantec Time Stamping Services CA - G2
Issuer:Thawte Timestamping CA
Algorithm:sha1WithRSAEncryption
Valid from:Dec 21 00:00:00 2012 GMT
Valid to:Dec 30 23:59:59 2020 GMT
Serial number: 7E93EBFB7CC64E59EA4B9A77D406FC3B
Intelligence: 85 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 0625FEE1A80D7B897A9712249C2F55FF391D6661DBD8B87F9BE6F252D88CED95
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10689/
Detection(s):
PUA.Win.Trojan.Generic-6629273-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 21:12:01 UTC
File Type:
PE (.Net Exe)
Extracted files:
35
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
05bb212dd186eaa7c2fa17ad094fd56f55fa203f488f1e150532aa23c86c9bf8
0a724325d6c34ee680d393db2ab074eb37c5c9c1cd5985e51382d275d97daa10
30f878c3d1b2e365f13e2085d39e3c9289dadf191c47dd1abcb273b5fac081b3
53e4f5df0428b043d69593a2875bace25b99e5f2b9f7fc7630a4f8ef5b75251f
74d6d0213855d53e4edad91ee620009558a9df2f6f925be9e81ba54df4b3b11d
85b315f053164c0910b88178383f3271d8faef791d4cb35442f246c91bd80225
966aa9010dcd3fdd35f00b995066013f1a686c4b8364cd5037b5eaed6f1140df
9efca9fb9aadcdec3f3e23fda67899c67dda0d7178636a5691e15d6b62e01649
b0fcccae3067e57d0725eca21b6c416c9b42b26b6601a5c2d4a7dc20d72eb37a
b52960b7ce7ae8c007c59626859816296471b7810036baaa7b7b86c2cd6d6218
+ 10 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
evasion spyware trojan
Link:
https://tria.ge/reports/200624-lw2ptjkdh2/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Creates scheduled task(s)
Suspicious use of SetThreadContext
Modifies system certificate store
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10689/

Comments